Lucene search

[email protected]NVD:CVE-2023-49047

HistoryNov 27, 2023 - 5:15 p.m.

CVE-2023-49047

2023-11-2717:15:08

CWE-787

[email protected]

web.nvd.nist.gov

tenda ax1803 stack overflow

devname parameter

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.

Affected configurations

Nvd

Node

tendaax1803_firmwareMatch1.0.0.1

AND

tendaax1803Match-

VendorProductVersionCPE
tendaax1803_firmware1.0.0.1cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*
tendaax1803-cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	ax1803_firmware	1.0.0.1	cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:::::::*
tenda	ax1803	-	cpe:2.3:h:tenda:ax1803:-:::::::*

References

github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1803/formSetDeviceName.md

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2023-49047

cve1 prion1 cvelist1